SPIP <3.1.2 - Cross-Site Scripting CVE-2016-7981
- Severity
- CVSSv3 Score
- 6.1
- Vulnerability description
SPIP 3.1.2 and earlier contains a cross-site scripting vulnerability in valider_xml.php which allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
- Risk description
No risk description to display.
- Recommendation
Upgrade SPIP to version 3.1.2 or later to mitigate this vulnerability.
- References
- https://core.spip.net/projects/spip/repository/revisions/23202https://core.spip.net/projects/spip/repository/revisions/23201https://core.spip.net/projects/spip/repository/revisions/23200https://nvd.nist.gov/vuln/detail/CVE-2016-7981http://www.openwall.com/lists/oss-security/2016/10/05/17
- Codename
- Not available
- Detectable with
- Network Scanner
- Scan engine
- Nuclei
- Exploitable with Sniper
- No
- CVE Published
- Jan 18, 2017
- Detection added at
- Software Type
- Not available
- Vendor
- Not available
- Product
- Not available